Andy Dustman wrote:

Note that these comments apply primarily to the cracker remailer.

On Tue, 11 Nov 1997, Anonymous wrote:

...

Perhaps the next wave of attacks on remailers will not consist of attempts to shut them down altogether but to progressively cripple them by getting certain features disabled, one by one. This seems to have already started. The strategy seems to be to fabricate a form of "abuse", anonymously through remailers, for which the seemingly "logical" solution is to disable a certain feature. This has already proven successful with header pasting, for example. Now you can't post to Usenet and set the From: address to that of your own 'nym.

I think this has not only "already started," but is already reaping exactly the results intended. The remailer attacks are very similar to age-old methods of censorship and control by government and society. Those who define the 'problem' have taken a large step toward directing/controlling the 'solution.' The 'final solution' to remailer spam is to host it @dev.null, but then you end up with a sick, twisted entity like the TruthMailer. <sounds of CypherPunks screaming in anguish, as they slash their wrists>

...

If the "camel" can get his nose under the tent and convince operators to start filtering on the *CONTENT* of the Subject: line or body of usenet posts, the anti-privacy nuts will have scored a major victory. In fact, from reading Jeff Burchell's posts, it looks like Gary and his DataBasux-ers had initially convinced Jeff to do exactly that. But, in a symbolic victory for freedom of speech, he removed those filters for a week before he finally shut down Huge Cajones altogether.

"If I make the Subject: line, "Make $$$ Fast," then the person who I am anonymously ratting out for murder/molestation is not likely to read it, if there is a copy automatically saved somewhere by the software." My point being that a remailer operator has no way of knowing what the ultimate effect of *any* filtering/blocking will be. (Unless you read all of the email, like I do as the 'Bad Remailer' operator.)

Cracker does have a spam-bait mangler which is somewhat simpler than the scheme Jeff used. In a nutshell, if there are an inordinately large number of addresses (compared to other text), the addresses are mangled, i.e., president@whitehouse.gov becomes president <AT> whitehouse <DOT> gov. Still human-readable but useless for address harvesters. No posts get dropped or filtered out under this scheme, and no keywords or particular addresses are looked for.

PLATITUDE WARNING!!! "When you're up to your ass in alligators, it's hard to remember that your original objective was to drain the swamp." It has been my experience that the 'Fear of Spam/Abuse' is beginning to be the controlling factor in the usefulness, or lack thereof, of an increasing number of remailers. In my opinion, any form of blocking/filtering which is not described in the remailer-help documentation defeats much of the purpose of providing remailer service in the first place. In particular, the very fact that people become confused as to what is, or is not, 'acceptable' use of a remailer tends to lead to a decline in their use. Increasingly, as well, the knowledge that vaguely described filtering/blocking is being done by the remailer leads one to become confused as to what is an unacceptable 'method' of using a remailer. I cannot help but feel that there has to be some simple ways of addressing the spam/abuse issue without making the remailers a hit and miss proposition for the average computer user. e.g. - A stated policy of allowing only 'X' number of emails from the same address/ISP per day--UCE spammers *could* work around this, but they make money by speed and volume, not by farting around with this-and-that. This would immediately eliminate the spammers who are only capable of hitting the return key on their spamming software, leaving the operator free to take specific actions against anyone who does take the time and trouble to circumvent the policy. And someone who has gone to all of that trouble, only to get an email saying, "It didn't work.", is likely to move on to greener pastures fast. What I am getting at is that all an operator really needs to do to eliminate volume-abuse/spamming is to make it 'difficult' for those spamming, not 'impossible.' Remember that the UCE spammers need to send *millions* of emails to survive. When spam became a problem, I joined an anti-spam list and a UCE spammers list. Serious spammers do the same. I think it is important to take the time to *notify* those who you are filtering/blocking, even if it means searching their messages for an email or snailmail contact point. Remember that one reason these people send out the volume they do is that they *need* volume to survive. If you don't notify them that their time and resources are *wasted* by using your remailer, then they will have no reason not to drop you as a route for their spam. I used to see people on the UCE/Spam list bragging about how they were sending 10,000 emails a day through 'X', and 'Y' and 'Z', and then see sysadmins/operators at 'X', 'Y' and 'Z' posting to the anti-spam list, complaining, "I'm spending all of my time dumping 10,000 emails a day from some asshole." I believe that remailer operators should provide examples/details of how any filtering/blocking policy is instituted, in order to inform those who wish to use the remailer, and to discourage those who want to abuse your policy. Subject and Content filtering are a never-ending merry-go-round in which you block "Make $$$ Fast," <including my own spam-spoofs "Make $$$ Fast at Home, Licking Your Own Dick!!!">, and the spammers switch the Subject: line to "In Reply To Your Email." <you all know the drill...> If an operator wishes to block whitehouse.gov from abuse by psychotic child-molesting, terrorist CypherPunks (like yourselves), then it should be stated plainly in the remailer-help, for the youngster who mistakenly thinks they have sent a plea for help to the whitehouse, or another .gov site, or an AOL site, or whoever you use your policy to block. I know the problems faced by those providing public remailer services, and I appreciate the efforts/problems of the operators. I help people running private remailers for specific groups needing privacy and security, and it is still not a piece of cake. My problem is in many ways the opposite of many remailer operators. I have people who sometimes need to send out several hundred emails to people in a manner where they can reply anonymously, and have run into filtering/blocking problems which seemed to change randomly, at times. So I can sympathize with those who have few computer skills and give up on remailers because "...they don't seem to work." My concern is that efforts toward total abuse-security will result in the same convuluted dysfunctionality that results from those seeking total privacy-security (without ever achieving that, either). Blocking/Filtering == Censorship! I recognize the need for each remailer operator to set their policy according to their own individual situation, as it may be better to allow threatening letters to legislators only one day a week than not to provide the service at all, but I think it is important to make it as clear as possible what the policy is, and how it is instituted, so that remailers can be more than just toys for the computer literate. I also think that the remailer-help sent out should contain some way for a potential user to bypass remailer policy, if necessary. e.g. - "I run a suicide support list and need to send/receive several hundred emails sometimes. Please reply to me at the *real* address I am providing, as to whether you can allow me to send that many per day through your system." Blocking/Filtering == Censorship! Certainly there are those who seek to invent newer and better forms of 'abuse' in an attempt to exercise disruptive power over the remailer operator, but it has been my experience that those who engage in those activities in order to fight perceived 'hypocrisy/censorship' are much more likely to target those who do not clearly explain their policies and the reasons behind them, as well as asking for feedback from those who disagree, or think they have a better idea. There will always be those who attack remailers who have a policy of 'censoring' life-threatening letters to legislators, or 'censoring' pictures of Mickey butt-fucking Minnie addressed to children's lists. What is important to remember is that they have a right to their view, and to push the envelope, or yank your string, or whatever. As a remailer operator, it is *your* role to enforce whatever policy you personally believe in (or need to institute in order to survive as a remailer). It is also your burden to bear, to figure out how to do so without negating the goals that have inspired you to offer the service, in the first place. Personally, I think that remailers are one of the most important remaining providers of tools supporting freedom of speech/communication on the InterNet. I and many others appreciate the service much more than is apparent from the ratio of thank you's to fuck you's that you receive, so you should all give yourselves a couple million pats on the back. (Except for those greedy assholes at Cracker...and the Commies who run Replay...and the Mountie Jackboots running Jam...and the Godless anarchists at bureau42...and all those operators sucking John Gilmore's cock..and......